Email Security

    U.S. Government and Industry Aim to Secure 5G Networks
     

    Leadership changes in Washington coincide with the early-phase launch of 5G networks, which could accelerate policy on 5G cyber and network security in 2021.
     

    by Karen Lynch
    1171807918.jpg

    Key Points

    • The business promise of 5G networks can only be realized if they are secure, despite new cyber risks on a vastly expanded attack surface.
    • Congress recently passed an Internet of Things security bill, showing bipartisan support for 5G security policy.
    • The incoming administration and Congress could accelerate a 5G national security strategy in 2021.

     

    U.S. government and industry have been setting the stage for 5G technology to achieve its full potential in America and launch the next wave of digital business transformation. But only if the 5G network is secure will it deliver on its business promise of quantum leaps in productivity, innovation and cost reduction.

    A new 5G security report from AT&T addressed this challenge directly: “Many scenarios will broaden connections among humans and machines more quickly and efficiently but also bring advanced attacks that can take down businesses, utilities and even cities.”[1] As a matter of economic growth and international competitiveness, policymakers want to speed up all that 5G innovation. But they want to ward off crippling network outages, too — as a matter of national and economic security.

    Acting on this determination, Congress passed the Internet of Things (IoT) Cybersecurity Improvement Act in November. If the bill is signed by the president, the National Institute of Standards and Technology (NIST) would set standards for the federal government’s use of IoT devices, which could, in turn, shape private sector norms.[2]

    Several additional bills, public-private trials, R&D funds and other government initiatives addressing 5G cyber and network security have been moving ahead in recent months. The hope is that the incoming administration and Congress will forge them into a national 5G security strategy in 2021. Whether and how fast that happens could be determined by the makeup of the Senate, where the majority party will be determined in January.

    Are Businesses Ready for 5G?

    5G technology promises to deliver mission-critical and even life-critical applications such as smart grids, remote surgery and intelligent transportation systems, with what Intel estimates to be 10 times lower latency, 100 times faster speeds and 1,000 times more capacity than today’s networks.[3] But the 5G cyberattack surface will become much larger, as 5G network architecture displaces centrally controlled hardware with more distributed software control — including millions of small, intelligent base stations and databases at the network’s edge connected to billions of IoT devices worldwide. Further complicating cyber and network security are concerns about foreign suppliers of network equipment and devices, especially as China assumes a leading role in providing 5G technology worldwide.

    The 5G consumer and business services that are now being rolled out in some cities have been limited in what they can do because they rely in part on older wireless networks and technologies. Meanwhile, businesses are already assessing 5G opportunities and cyber risks. The AT&T survey shows that 58% of executives expect to need 5G to remain competitive. But they have security concerns: 47% saw 5G increasing the data security attack surface and fewer than 10% feel their security is ready for 5G today.

    Business Groups Weigh In on 5G Cybersecurity Policy

    Business groups have been lobbying for and responding to 5G cybersecurity policies. Some support government roles in areas including:

    • Setting examples and accelerating development through government procurement
    • Incentivizing private research and development
    • Sponsoring technology trials
    • Favoring a unified national policy over fragmented policies
    • Supporting standards and interoperability at home and abroad

    “We believe that the U.S. government and its traditional international allies can — and must — foster trust and improve security through continued engagement with the private sector on technical and nontechnical risk identification and mitigation efforts, as well as the promotion of continued development of trusted 5G technologies, services and products,” wrote the U.S. Chamber of Commerce.[4]

    But for the most part, business groups have expressed less interest in government-imposed cyber and network security standards and regulations. “The private sector is best positioned to drive innovation and security in 5G,” said the Business Roundtable, an association of American CEOs. “The federal government should not intervene, regulate or attempt to impose a new market structure for 5G deployment.”[5]

    Different business groups are advancing different priorities. For instance, BSA|The Software Alliance wrote an open letter to the new administration emphasizing the need to harness software innovation such as cloud computing in the traditionally hardware-intensive telecommunications environment.[6] This and the fact that 5G’s impact will cut across so many industry sectors make traditional telecommunications regulation a poor fit for 5G network operations and security, BSA told the Commerce Department.[7]

    For its part, ACT|The App Association, which represents small- to medium-sized software application developers and device makers, is advocating public-private partnerships and strategies to improve cybersecurity risk management. “Due to a broadened attack surface, the rise of IoT will require more evolved and dynamic risk management practices,” it said.[8]

    Washington Initiatives Focus on 5G Cyber and Network Security

    Lawmakers, regulators, standards bodies and enforcement agencies in Washington have already spawned many 5G security initiatives, but no overarching strategy for 5G cybersecurity. As one Washington technology think tank put it: “The considerable excitement — perhaps overexcitement — around the technology has contributed to a lack of clear strategic vision from the United States. It is time for a reset.”[9]

    President-elect Biden is expected to elevate the importance of cyber and network security generally. The incoming administration and new Congress will determine which of the current bills, strategies and government-industry collaborations will rise and fall. But since many of these have bipartisan support, their broad outlines are expected to remain intact. And greater international tech diplomacy is expected to improve cooperation on 5G and cybersecurity in 2021.

    Even during the transition to a new administration, legislation related to 5G cyber and network security has advanced in Congress. In addition to the IoT bill described above, the Public Wireless Supply Chain Innovation Fund for 5G R&D grants was included in the National Defense Authorization Act for fiscal year 2021, among other non-defense spending. Congress has just passed the bill, though the president has yet to sign it.[10]

    Agencies Advancing 5G Security

    The U.S. Cybersecurity & Infrastructure Security Agency (CISA) is one federal agency that has outlined the work to be done as 5G evolves, in its 2020 “CISA 5G Strategy.”[11] That work includes:

    • Supporting 5G policy and standards development that emphasize cyber and network security
    • Raising awareness of 5G supply chain risks and promoting security measures
    • Partnering with stakeholders to secure 4G infrastructure that is supporting 5G services during the transition
    • Encouraging private sector innovation
    • Analyzing potential 5G use cases and sharing risk management strategies

    NIST is also active, with a project called Preparing a Secure Evolution to 5G, which invited companies earlier this year to help identify use cases and run demonstrations for cyber and network security.[12] In October, the Defense Department announced $600 million for secure 5G experimentation and testing with industry partners,[13] which would also spin out civilian technology. As a side note: A White House proposal that the military build and operate its own 5G network reportedly hasn’t gained traction.[14]

    Also in 2020, the “Secure 5G and Beyond Act” was signed into law.[15] As one of several pieces of legislation circulating on Capitol Hill, this bill called for the president to develop a strategy to ensure 5G security, with a particular focus on the potential cyber and network security risks of foreign equipment in U.S. domestic networks. Additional considerations include the international competitiveness of U.S. companies. The White House released a strategy addressing such concerns.[16] The incoming administration has not yet detailed its priorities.

    The Bottom Line

    As U.S. businesses look ahead to the innovation and productivity gains expected from 5G networks, January could bring an acceleration of policymaking to ensure 5G cyber and network security given new leadership in Washington. In the meantime, bipartisan legislation and public-private collaboration continues to advance, with the potential to pave the runway for that anticipated acceleration.

     

    [1]5G and the Journey to the Edge,” AT&T

    [2]Senate Passes IoT Cybersecurity Bill by Unanimous Consent,” National Law Review

    [3]Intel 5G and Cloudification: Laying the Foundation for Innovation,” Intel

    [4] Comments to the National Telecommunications and Information Administration, U.S. Chamber of Commerce

    [5]Special Topic: 5G Networks,” Business Roundtable

    [6]BSA Releases Policy Recommendations for Biden-Harris Transition Team,” BSA|The Software Alliance

    [7] Comments on the National Telecommunications and Information Administration, BSA|The Software Alliance

    [8] Comments on the National Telecommunications and Information Administration, ACT|The App Association

    [9] Comments on the National Telecommunications and Information Administration, Information Technology & Innovation Foundation

    [10]National Defense Authorization Act,” U.S. Congress

    [11]CISA 5G Strategy,” Cybersecurity & Infrastructure Security Agency

    [12]5G Cybersecurity: Preparing a Secure Evolution to 5G,” National Institute of Standards and Technology

    [13]DOD Announces $600 Million for 5G Experimentation and Testing at Five Installations,” Defense Department

    [14]Defense Officials Lukewarm on 5G Spectrum-Leasing Plan Pushed by the White House,” Washington Post

    [15]Secure 5G and Beyond Act of 2020,” U.S. Congress

    [16] “National Strategy to Secure 5G,” The White House

     

    Subscribe to Cyber Resilience Insights for more articles like these

    Get all the latest news and cybersecurity industry analysis delivered right to your inbox

    Sign up successful

    Thank you for signing up to receive updates from our blog

    We will be in touch!

    Back to Top